This repository has been archived by the owner. It is now read-only.
Permalink
Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Sign up
4a258b4
Jun 9, 2017
6 contributors
Users who have contributed to this file
| // Copyright (c) .NET Foundation. All rights reserved. | |
| // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. | |
| using System; | |
| using System.Collections.Generic; | |
| using System.Linq; | |
| using System.Threading.Tasks; | |
| namespace Microsoft.AspNetCore.Authorization.Infrastructure | |
| { | |
| /// <summary> | |
| /// Implements an <see cref="IAuthorizationHandler"/> and <see cref="IAuthorizationRequirement"/> | |
| /// which requires at least one instance of the specified claim type, and, if allowed values are specified, | |
| /// the claim value must be any of the allowed values. | |
| /// </summary> | |
| public class ClaimsAuthorizationRequirement : AuthorizationHandler<ClaimsAuthorizationRequirement>, IAuthorizationRequirement | |
| { | |
| /// <summary> | |
| /// Creates a new instance of <see cref="ClaimsAuthorizationRequirement"/>. | |
| /// </summary> | |
| /// <param name="claimType">The claim type that must be present.</param> | |
| /// <param name="allowedValues">The optional list of claim values, which, if present, | |
| /// the claim must match.</param> | |
| public ClaimsAuthorizationRequirement(string claimType, IEnumerable<string> allowedValues) | |
| { | |
| if (claimType == null) | |
| { | |
| throw new ArgumentNullException(nameof(claimType)); | |
| } | |
| ClaimType = claimType; | |
| AllowedValues = allowedValues; | |
| } | |
| /// <summary> | |
| /// Gets the claim type that must be present. | |
| /// </summary> | |
| public string ClaimType { get; } | |
| /// <summary> | |
| /// Gets the optional list of claim values, which, if present, | |
| /// the claim must match. | |
| /// </summary> | |
| public IEnumerable<string> AllowedValues { get; } | |
| /// <summary> | |
| /// Makes a decision if authorization is allowed based on the claims requirements specified. | |
| /// </summary> | |
| /// <param name="context">The authorization context.</param> | |
| /// <param name="requirement">The requirement to evaluate.</param> | |
| protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, ClaimsAuthorizationRequirement requirement) | |
| { | |
| if (context.User != null) | |
| { | |
| var found = false; | |
| if (requirement.AllowedValues == null || !requirement.AllowedValues.Any()) | |
| { | |
| found = context.User.Claims.Any(c => string.Equals(c.Type, requirement.ClaimType, StringComparison.OrdinalIgnoreCase)); | |
| } | |
| else | |
| { | |
| found = context.User.Claims.Any(c => string.Equals(c.Type, requirement.ClaimType, StringComparison.OrdinalIgnoreCase) | |
| && requirement.AllowedValues.Contains(c.Value, StringComparer.Ordinal)); | |
| } | |
| if (found) | |
| { | |
| context.Succeed(requirement); | |
| } | |
| } | |
| return Task.CompletedTask; | |
| } | |
| } | |
| } |